We further enhance the freshness definition for the three-pass authenticated key exchange protocols such that our new definition gives the adversary more capabilities. We point out that the three-pass authenticated key exchange protocols generically transformed from the two-pass authenticated key exchange protocols secure in the eCK model can not be secure in our new security definition. We then introduce a new authenticated key exchange protocol SIG-DH$^+$ and prove that it satisfies our new definition.
Category / Keywords: cryptographic protocols / Date: received 18 Oct 2009 Contact author: Chinesechess at sjtu edu cn Available format(s): PDF | BibTeX Citation Version: 20091020:114834 (All versions of this report) Short URL: ia.cr/2009/505 Discussion forum: Show discussion | Start new discussion